Flaw in iOS 9.3.1 Allows Access To Contacts & Photos From Lock Screen



Jose Rodriguez has found a security flaw in iOS 9.3.1 that affects the latest iPhone models: the iPhone SE, the iPhone 6S and the iPhone 6S Plus. The issue only affects some devices and allows access to contacts and photos without entering a passcode or fingerprint. The good news is that we can avoid this problem. The bad news is that, as always, avoiding it means degrading the user experience.

The flaw can be exploited by summoning Siri, either by holding down the Home button or with the “Hey, Siri” command, and asking it to run a search on Twitter. If the results contain contact details that can be interacted with, such as an e-mail address, a 3D Touch gesture launches a context menu with options to send an email and to add or change contact information. From the 3D Touch shortcuts, tapping “Add to existing contact” opens the contact list, which can allow access to photos if so configured.

For this flaw to be exploitable, Siri must be allowed to access our Twitter account, Camera Roll photos or related applications, which lets Siri display and search results. As you can see in the video, a preliminary step is also needed for it to work: writing a tweet that contains an email address (it can be fake, even on a server that does not exist, such as prueba@hola.es) so that the 3D Touch gesture can be used.


How to Fix Security Flaw in iOS 9.3.1

As the saying goes, “once the dog is dead, the rabies is over.” The idea does not appeal to me and in fact I will not do it, but if we disable Siri on the lock screen we will not suffer this problem or many of the others that have appeared, most of which are bypasses that rely on Siri. But there are other solutions:

  • Turn off Siri access to Twitter by going to Settings > Privacy > Twitter and disabling the Siri toggle.
  • Turn off Siri access to photos by going to Settings > Privacy > Photos and restricting access.

In fact, what usually happens is that as soon as we ask Siri to do this kind of search, it answers “First you have to unlock the iPhone” and goes no further unless we identify ourselves. But sometimes this security measure fails and our data is exposed. Now we have to decide whether to enjoy all the features of the iPhone 6s or impair our experience using it. In any case, this flaw will most likely be corrected in a future update. (Source: videosdebarraquito [YouTube])
